CVE-2020-8635
Published Mar 7, 2020
Last updated 3 years ago
Overview
- Description
- Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-732
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:6.2.3:*:*:*:*:linux:*:*",
"vulnerable": true,
"matchCriteriaId": "A2057B2F-6A30-4493-9E0B-E73C67470D1B"
},
{
"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:6.2.3:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "CFBEB412-B9C5-4216-B30C-A2616DE155B7"
},
{
"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:6.2.3:*:*:*:*:solaris:*:*",
"vulnerable": true,
"matchCriteriaId": "29A1D238-E336-4AFB-906D-691D141A1570"
}
],
"operator": "OR"
}
]
}
]